Skip to content

Commit

Permalink
combine sarif uploads
Browse files Browse the repository at this point in the history
  • Loading branch information
@itsmostafa
itsmostafa committed Sep 15, 2024
1 parent a78ca24 commit fcbed4c
Showing 1 changed file with 29 additions and 11 deletions.
40 changes: 29 additions & 11 deletions .github/workflows/trivy-analysis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,21 +25,21 @@ jobs:
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
format: "sarif"
output: "trivy-dotnet-results.sarif"
format: sarif
output: trivy-dotnet-results.sarif
scan-type: fs
scan-ref: ./CSETWebApi
severity: CRITICAL,HIGH
skip-files: |
CSETWebApi/CSETWeb_Api/**/*.sql
CSETWebApi/CSETWeb_Api/**/*.xml
- name: Upload scan results to Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
- name: Upload SARIF artifact
id: upload
uses: actions/upload-artifact@v4
with:
category: ".NET"
sarif_file: "trivy-dotnet-results.sarif"
name: trivy-dotnet-results
path: trivy-dotnet-results.sarif

nodejs:
name: Node.js Analysis
Expand All @@ -51,14 +51,32 @@ jobs:
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
with:
format: "sarif"
output: "trivy-nodejs-results.sarif"
format: sarif
output: trivy-nodejs-results.sarif
scan-type: fs
scan-ref: ./CSETWebNg
severity: CRITICAL,HIGH

- name: Upload SARIF artifact
id: upload
uses: actions/upload-artifact@v4
with:
name: trivy-nodejs-results
path: trivy-nodejs-results.sarif

results:
name: Upload scan results
runs-on: ubuntu-latest
needs: [dotnet, nodejs]
steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Merge results
run: |
jq -s 'reduce .[] as $item ({}; . * $item)' trivy-*.sarif > trivy-results.sarif
- name: Upload scan results to Security tab
uses: github/codeql-action/upload-sarif@v3
with:
category: "Node.js"
sarif_file: "trivy-nodejs-results.sarif"
sarif_file: "trivy-results.sarif"

0 comments on commit fcbed4c

Please sign in to comment.